Defend the Open Web: Keep DRM Out of W3C Standards

Defend the Open Web: Keep DRM Out of W3C Standards

Update, 2013-3-21: you can take action against DRM at the W3C by joining Defective By Design's campaign.

There's a new front in the battle against digital rights management (DRM) technologies. These technologies, which supposedly exist to enforce copyright, have never done anything to get creative people paid. Instead, by design or by accident, their real effect is to interfere with innovation, fair use, competition, interoperability, and our right to own things.

The proposal... claims that "no 'DRM' is added to the HTML5 specification" by EME. This is like saying, "we're not vampires, but we are going to invite them into your house"

That's why we were appalled to learn that there is a proposal currently before the World Wide Web Consortium's HTML5 Working Group to build DRM into the next generation of core Web standards. The proposal is called Encrypted Media Extensions, or EME. Its adoption would be a calamitous development, and must be stopped.

In the past two decades, there has been an ongoing struggle between two views of how Internet technology should work. One philosophy has been that the Web needs to be a universal ecosystem that is based on open standards and fully implementable on equal terms by anyone, anywhere, without permission or negotiation. This is the technological tradition that gave us HTML and HTTP in the first place, and epoch-defining innovations like wikis, search engines, blogs, webmail, applications written in JavaScript, repurposable online maps, and a hundred million specific websites that this paragraph is too short to list.

The other view has been represented by corporations that have tried to seize control of the Web with their own proprietary extensions. It has been represented by technologies like Adobe's Flash, Microsoft's Silverlight, and pushes by Apple, phone companies, and others toward highly restrictive new platforms. These technologies are intended to be available from a single source or to require permission for new implementations. Whenever these technologies have become popular, they have inflicted damage on the open ecosystems around them. Websites that depend on Flash or Silverlight typically can't be linked to properly, can't be indexed, can't be translated by machine, can't be accessed by users with disabilities, don't work on all devices, and pose security and privacy risks to their users. Platforms and devices that restrict their users inevitably prevent important innovations and hamper marketplace competition.

The EME proposal suffers from many of these problems because it explicitly abdicates responsibilty on compatibility issues and let web sites require specific proprietary third-party software or even special hardware and particular operating systems (all referred to under the generic name "content decryption modules", or CDMs, and none of them specified by EME). EME's authors keep saying that what CDMs are, and do, and where they come from is totally outside of the scope of EME, and that EME itself can't be thought of as DRM because not all CDMs are DRM systems. Yet if the client can't prove it's running the particular proprietary thing the site demands, and hence doesn't have an approved CDM, it can't render the site's content. Perversely, this is exactly the reverse of the reason that the World Wide Web Consortium exists in the first place. W3C is there to create comprehensible, publicly-implementable standards that will guarantee interoperability, not to facilitate an explosion of new mutually-incompatible software and of sites and services that can only be accessed by particular devices or applications. But EME is a proposal to bring exactly that dysfunctional dynamic into HTML5, even risking a return to the "bad old days, before the Web" of deliberately limited interoperability.

Because it's clear that the open standards community is extremely suspicious of DRM and its interoperability consequences, the proposal from Google, Microsoft and Netflix claims that "[n]o 'DRM' is added to the HTML5 specification" by EME. This is like saying, "we're not vampires, but we are going to invite them into your house".

Proponents also seem to claim that EME is not itself a DRM scheme. But specification author Mark Watson admitted that "Certainly, our interest is in [use] cases that most people would call DRM" and that implementations would inherently require secrets outside the specification's scope. It's hard to maintain a pretense that EME is about anything but DRM.

The DRM proposals at the W3C exist for a simple reason: they are an attempt to appease Hollywood, which has been angry about the Internet for almost as long as the Web has existed, and has always demanded that it be given elaborate technical infrastructure to control how its audience's computers function. The perception is that Hollywood will never allow movies onto the Web if it can't encumber them with DRM restrictions. But the threat that Hollywood could take its toys and go home is illusory. Every film that Hollywood releases is already available for those who really want to pirate a copy. Huge volumes of music are sold by iTunes, Amazon, Magnatune and dozens of other sites without the need for DRM. Streaming services like Netflix and Spotify have succeeded because they are more convenient than piratical alternatives, not because DRM does anything to enhance their economics. The only logically coherent reason for Hollywood to demand DRM is that the movie studios want veto controls over how mainstream technolgies are designed. Movie studios have used DRM to enforce arbitrary restrictions on products, including preventing fast-forwarding and imposing regional playback controls, and created complicated and expensive "compliance" regimes for compliant technology companies that give small consortia of media and big tech companies a veto right on innovation.

All too often, technology companies have raced against each other to build restrictive tangleware that suits Hollywood's whims, selling out their users in the process. But open Web standards are an antidote to that dynamic, and it would be a terrible mistake for the Web community to leave the door open for Hollywood's gangrenous anti-technology culture to infect W3C standards. It would undermine the very purposes for which HTML5 exists: to build an open-ecosystem alternatives to all the functionality that is missing in previous web standards, without the problems of device limitations, platform incompatibility, and non-transparency that were created by platforms like Flash. HTML5 was supposed to be better than Flash, and excluding DRM is exactly what would make it better.

Every now and then we have to remind someone that it's not illegal for people to report facts that they dislike. This time, the offender is electric scooter rental company Bird Rides, Inc. Electric scooters have swamped a number of cities across the US, many of the scooters carelessly discarded...

When is software free? Is it enough that the software be licensed under a free or open license? What about patents? Software as a service? Trade secrets? What about DRM? Is software ever free? There's a saying in the software freedom movement: "if you can't open it, it's not yours....

Correction 12/4/18: This post has been edited to correct the description of the new exemption, and to acknowledge the contributions of SPN, LCA, and Harvard. Online games have finally found their way into the video game preservation exemption to Section 1201 of the Digital Millennium Copyright Act (DMCA). This...

We’re pleased to announce that the Library of Congress and the Copyright Office have expanded the exemptions to Section 1201 of the DMCA, a dangerous law that inhibits speech, harms competition, and threatens digital security. But the exemptions are still too narrow and too complex for most technology...

Washington, D.C.—The Electronic Frontier Foundation won petitions submitted to the Library of Congress that will make it easier for people to legally remove or repair software in the Amazon Echo, in cars, and in personal digital devices, but the library refused to issue the kind of broad, simple and robust...

If you've ever bought an inkjet printer, you know just how much the manufacturers charge for ink (more than vintage Champagne!) and you may also know that you can avoid those sky-high prices by buying third-party inks, or refilled cartridges, or kits to refill your own cartridges. The major...

Computer science has long grappled with the problem of unknowable terrain: how do you route a packet from A to E when B, C, and D are nodes that keep coming up and going down as they get flooded by traffic from other sources? How do you shard a database...